File: ssl_test.rb

package info (click to toggle)
ruby-redis 4.2.5-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 1,168 kB
  • sloc: ruby: 12,820; makefile: 107; sh: 24
file content (82 lines) | stat: -rw-r--r-- 2,321 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
# frozen_string_literal: true

require_relative "helper"

class SslTest < Minitest::Test
  include Helper::Client

  driver(:ruby) do
    def test_connection_to_non_ssl_server
      assert_raises(Redis::CannotConnectError) do
        redis = Redis.new(OPTIONS.merge(ssl: true, timeout: LOW_TIMEOUT))
        redis.ping
      end
    end

    def test_verified_ssl_connection
      RedisMock.start({ ping: proc { "+PONG" } }, ssl_server_opts("trusted")) do |port|
        redis = Redis.new(port: port, ssl: true, ssl_params: { ca_file: ssl_ca_file })
        assert_equal redis.ping, "PONG"
      end
    end

    def test_unverified_ssl_connection
      assert_raises(OpenSSL::SSL::SSLError) do
        RedisMock.start({ ping: proc { "+PONG" } }, ssl_server_opts("untrusted")) do |port|
          redis = Redis.new(port: port, ssl: true, ssl_params: { ca_file: ssl_ca_file })
          redis.ping
        end
      end
    end

    def test_verify_certificates_by_default
      assert_raises(OpenSSL::SSL::SSLError) do
        RedisMock.start({ ping: proc { "+PONG" } }, ssl_server_opts("untrusted")) do |port|
          redis = Redis.new(port: port, ssl: true)
          redis.ping
        end
      end
    end

    def test_ssl_blocking
      RedisMock.start({}, ssl_server_opts("trusted")) do |port|
        redis = Redis.new(port: port, ssl: true, ssl_params: { ca_file: ssl_ca_file })
        assert_equal redis.set("boom", "a" * 10_000_000), "OK"
      end
    end
  end

  driver(:hiredis, :synchrony) do
    def test_ssl_not_implemented_exception
      assert_raises(NotImplementedError) do
        RedisMock.start({ ping: proc { "+PONG" } }, ssl_server_opts("trusted")) do |port|
          redis = Redis.new(port: port, ssl: true, ssl_params: { ca_file: ssl_ca_file })
          redis.ping
        end
      end
    end
  end

  private

  def ssl_server_opts(prefix)
    ssl_cert = File.join(cert_path, "#{prefix}-cert.crt")
    ssl_key  = File.join(cert_path, "#{prefix}-cert.key")

    {
      ssl: true,
      ssl_params: {
        cert: OpenSSL::X509::Certificate.new(File.read(ssl_cert)),
        key: OpenSSL::PKey::RSA.new(File.read(ssl_key))
      }
    }
  end

  def ssl_ca_file
    File.join(cert_path, "trusted-ca.crt")
  end

  def cert_path
    File.expand_path('support/ssl', __dir__)
  end
end